﻿@{
    // Set the layout page and page title
    LayoutPage = "~/_SiteLayout.cshtml";
    PageData["Title"] = "Forget Your Password?";

    bool passwordSent = false;
    bool isValid = true;
    var errorMessage = "";
    var emailError = "";
    var disabledAttribute = "";
    var resetToken = "";
    var email = Request.Form["email"] ?? Request.QueryString["email"];

    if (IsPost) {
        // validate email
        if (email.IsEmpty() || !email.Contains("@")) {
            emailError = "Please enter a valid email";
            isValid = false;
        }
        if (isValid) {
            if (WebSecurity.GetUserId(email) > -1 && WebSecurity.IsConfirmed(email)) {
                resetToken = WebSecurity.GeneratePasswordResetToken(email); //Optionally specify an expiration date for the token
            }
            else {
                passwordSent = true; // We don't want to disclose that the user does not exist.
                isValid = false;
            }
        }
        if (isValid) {
            var portPart = "";
            var port = Request.Url.Port;
            if (port != 80) {
                portPart = ":" + port;
            }
            var resetUrl = Request.Url.Scheme + "://" + Request.Url.Host + portPart + VirtualPathUtility.ToAbsolute("~/Account/PasswordReset?resetToken=" + Url.Encode(resetToken));
            Mail.Send(
                to: email,	
                subject: "Please reset your password", 
                body: "Use this password reset token to reset your password. The token is: " + resetToken + @". Visit <a href=""" + resetUrl + @""">" + resetUrl + "</a> to reset your password."
            );
            passwordSent = true;
            disabledAttribute = @"disabled=""disabled""";
        }
    }
}

<fieldset class="prettyForm">
    <legend>Password Reset Instructions Form</legend>
    @if (!Mail.SmtpServer.IsEmpty()) {
    <p>
        We will send password reset instructions to the email address associated with your account. 
    </p>
    <form method="post" action="">
        @if (passwordSent) {
            <div class="message success icon">
                Instructions to reset your password have been sent to the specified email address.
            </div>
        }
        @if (!errorMessage.IsEmpty()) {
            <div class="message error icon">
                @errorMessage
            </div>
        }
        <div>
            <label for="email">Email Address</label>
            <input type="text" name="email" value="@email" @disabledAttribute/>
            @if (!emailError.IsEmpty()) {
                <span class="message error">&raquo; @emailError</span>
            }
        </div>
        <div>
            <input type="submit" value="Send Instructions" @disabledAttribute/>
        </div>
    </form>
    }
    else {
        <div class=" message error icon">
            Password recovery is disabled for this website because the Smtp server is 
            not configured correctly. Please contact the owner of this site to reset 
            your password.
        </div>
    }
</fieldset>
